<html>
<head>
    <title>Book-O-Rama Book Entry Results</title>
</head>

<body>
    <h1>Book-O-Rama Book Entry Results</h1>
    <?php
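    // Handler for the book-entry form: validates the four POSTed fields and
    // inserts one row into the `books` table, then reports the outcome as HTML.
    //
    // Security notes for this block:
    //  - Every value in $_POST is attacker-controlled. The insert uses a
    //    prepared statement with bound parameters, so no request data is ever
    //    spliced into the SQL text. The previous addslashes() escaping was not
    //    charset-aware, and it left $price unconverted whenever
    //    magic_quotes_gpc was on.
    //  - get_magic_quotes_gpc() was removed in PHP 8, so it is no longer called.
    //  - Driver error details and the SQL text go to the server log rather than
    //    the response: echoing them discloses schema details, and the old
    //    <pre>{$query}</pre> output reflected request data into the page
    //    without HTML escaping.

    // Read each field as a trimmed string. A missing key or a non-string value
    // (e.g. isbn[]=x arrives as an array) is treated as "not entered".
    $fields = [];
    foreach (['isbn', 'author', 'title', 'price'] as $name) {
        $raw = $_POST[$name] ?? '';
        $fields[$name] = is_string($raw) ? trim($raw) : '';
    }
    $isbn = $fields['isbn'];
    $author = $fields['author'];
    $title = $fields['title'];
    $price = $fields['price'];

    // Truthiness check kept from the original: '' and '0' both count as missing.
    if (!$isbn || !$author || !$title || !$price) {
        echo "<p>You have not entered all the required details.</p>";
        exit;
    }

    // Bound below as a double; non-numeric text becomes 0.0, as before.
    $price = floatval($price);

    // Have mysqli throw mysqli_sql_exception on failure so the same handling
    // applies regardless of the PHP version's default report mode.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

    try {
        // NOTE(review): this connects as the MySQL root account with the
        // password committed in source. Move the credentials to configuration
        // outside the web root and use an account limited to INSERT on `books`.
        $db = new mysqli('localhost', 'root', 'snriud', 'test');
    } catch (mysqli_sql_exception $e) {
        error_log('Book entry: database connection failed: ' . $e->getMessage());
        echo "<p style='color:red'>Error 0: Database connection error</p>";
        exit;
    }

    try {
        // Placeholders keep data and SQL separate; 'sssd' = three strings and a double.
        $stmt = $db->prepare('insert into books values (?, ?, ?, ?)');
        $stmt->bind_param('sssd', $isbn, $author, $title, $price);
        $stmt->execute();

        echo "<p>{$stmt->affected_rows} book inserted into database.</p>";
        $stmt->close();
    } catch (mysqli_sql_exception $e) {
        // Full driver message stays server-side; the client gets a generic error.
        error_log('Book entry: insert failed: ' . $e->getMessage());
        echo "<p style='color:red'>Error 1: Query error</p>";
        $db->close();
        exit;
    }

    $db->close();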
    ?>
</body>
</html>
